I can't speak about AMD but here is a rundown for Intel CPUs.

• 6th gen - Widely available, cheap, supports the bare minimum. It transcodes the most widely available codes - h.264, h.265.
• 8th gen - Same video capabilities as 7th gen but has more cores. Relatively cheap and widely available. I bit more rounded codec support.
• 11th gen - Previous generations 9th and 10th are incremental and meaningless. 11th introduces AV1 transcoding (Decode only) but it's still a very meaningful impact because AV1 is both size efficient and very high quality (in most cases, doesn't play well with noise).

These are the 3 tiers that I look at. Metor Lake is about to be released with native encode and decode support for AV1 but it's too early to matter.

More info in the chart here.

I don't think such a thing exists. It clashes with the idea of selfhosting. You can shoestring a solution that will do what you ask but it won't be an appliance/application that someone else maintains.

Weekly unattended apt and docker updates are actually worse than manual ones. I update maybe once a month. Watchtower takes care or checking and downloading new updates but I'm the one to redeploy containers with the new image.

The closest thing that comes to mind is Portainer. It offers point 1, 4, 6. The Business edition has update checking built into the UI. The Community edition lacks update checking but you can substitute it (and improve on it IMO) with Watchtower.

Watchtower can check and download updates while you just click redeploy.

For backups, try Nautical Backup

This leaves only rollbacks unaddressed. But realistically, on a hands-off box, you won't need it and if you do, copying over from the backup will be enough.